DM protocol commands |
-The following list shows the commands that are used by the device. For further information about the OMA DM command elements, see "SyncML Representation Protocol Device Management Usage (OMA-SyncML-DMRepPro-V1_1_2-20030613-A)" available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).
+ | The following list shows the commands that are used by the device. For further information about the OMA DM command elements, see "SyncML Representation Protocol Device Management Usage (OMA-SyncML-DMRepPro-V1_1_2-20030613-A)" available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).
Add (Implicit Add supported) Alert (DM alert): Generic alert (1226) is used by enterprise management client when the user triggers an MDM unenrollment action from the device or when a CSP finishes some asynchronous actions. Device alert (1224) is used to notify the server some device triggered event.
@@ -301,15 +301,15 @@ The following table shows the sequence of events during a typical DM session.
-
-The step numbers in the table do not represent message identification numbers (MsgID). All messages from the server must have a MsgID that is unique within the session, starting at 1 for the first message, and increasing by an increment of 1 for each additional message. For more information about MsgID and OMA SyncML protocol, see "OMA Device Management Representation Protocol" (OMA-TS-DM\_RepPro-V1\_2-20070209-A) available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=526900).
+
+The step numbers in the table do not represent message identification numbers (MsgID). All messages from the server must have a MsgID that is unique within the session, starting at 1 for the first message, and increasing by an increment of 1 for each additional message. For more information about MsgID and OMA SyncML protocol, see "OMA Device Management Representation Protocol" (DM_RepPro-V1_2-20070209-A) available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/).
During OMA DM application level mutual authentication, if the device response code to Cred element in the server request is 212, no further authentication is needed for the remainder of the DM session. In the case of the MD5 authentication, the Chal element can be returned. Then the next nonce in Chal must be used for the MD5 digest when the next DM session is started.
If a request includes credentials and the response code to the request is 200, the same credential must be sent within the next request. If the Chal element is included and the MD5 authentication is required, a new digest is created by using the next nonce via the Chal element for next request.
-For more information about Basic or MD5 client authentication, MD5 server authentication, MD5 hash, and MD5 nonce, see the OMA Device Management Security specification (OMA-TS-DM\_Security-V1\_2\_1-20080617-A), authentication response code handling and step-by-step samples in OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=526900).
+For more information about Basic or MD5 client authentication, MD5 server authentication, MD5 hash, and MD5 nonce, see the OMA Device Management Security specification (OMA-TS-DM_Security-V1_2_1-20080617-A), authentication response code handling and step-by-step samples in OMA Device Management Protocol specification (OMA-TS-DM_Protocol-V1_2_1-20080617-A), available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2_1-20080617-A/).
## User targeted vs. Device targeted configuration
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 7380b5d410..61f823bd03 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -443,11 +443,10 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
<<< [Exit status: SUCCESS]
```
-Windows Defender ATP also blocks installation and usage of prohibited peripherals by using a custom profile in Intune.
+You can also block installation by using a custom profile in Intune.
-For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USBSTOR\DiskVendorCo" and "USBSTOR\DiskSanDisk_Cruzer_Glide_3.0", and applies to USB devices with matching hardware IDs that are already installed.
+
-
@@ -546,6 +545,13 @@ To verify the policy is applied, check C:\windows\INF\setupapi.dev.log and see i
<<< [Exit status: SUCCESS]
```
+You can also block installation and usage of prohibited peripherals by using a custom profile in Intune.
+
+For example, this custom profile blocks installation and usage of USB devices with hardware IDs "USB\Composite" and "USB\Class_FF", and applies to USB devices with matching hardware IDs that are already installed.
+
+
+
+
**DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses**
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index e258974ff4..4d766ec5f7 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -724,7 +724,10 @@ The following list shows the supported values:
-Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
+Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app.
+
+* On Mobile, the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
+* On HoloLens, this timeout is controlled by the device's system sleep timeout, regardless of the value set by this policy.
> [!NOTE]
> This policy must be wrapped in an Atomic command.
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md
index f434251f74..85542e6932 100644
--- a/windows/client-management/mdm/uefi-csp.md
+++ b/windows/client-management/mdm/uefi-csp.md
@@ -17,6 +17,9 @@ The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmwa
> [!Note]
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
+> [!Note]
+> The production UEFI CSP is present in 1809, but it depends upon the Device Firmware Configuration Interface (DFCI) and UEFI firmware to comply with this interface. The specification for this interface and compatible firmware is not yet available.
+
The following diagram shows the UEFI CSP in tree format.
@@ -124,4 +127,4 @@ Value type is Base64. Supported operation is Replace.
**Settings2/Result**
Retrieves the binary result package of previous Settings2/Apply operation. This binary package contains XML describing the action taken for each individual setting.
-Supported operation is Get.
\ No newline at end of file
+Supported operation is Get.
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index fe6bdbb4ad..4142e8244f 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -448,6 +448,8 @@ Required for native profiles. Type of tunneling protocol used. This value can be
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
+> **Note** The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: IKEv2, PPTP and then L2TP. This order is not customizable.
+
**VPNv2/***ProfileName***/NativeProfile/Authentication**
Required node for native profile. It contains authentication information for the native VPN profile.
diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index 635ee7e17a..cb0103ffff 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -300,6 +300,33 @@ C:\Windows\System32\tdlrecover.exe -reregister -resetlayout -resetcache
Although a reboot is not required, it may help clear up any residual issues after the command is run.
+### Symptoms: Start Menu and Apps cannot start after upgrade to Windows 10 version 1809 when Symantec Endpoint Protection is installed
+
+**Description** Start Menu, Search and Apps do not start after you upgrade a Windows 7-based computer that has Symantec Endpoint Protection installed to Windows 10 version 1809.
+
+**Cause** This occurs because of a failure to load sysfer.dll. During upgrade, the setup process does not set the privilege group "All Application Packages" on sysfer.dll and other Symantec modules.
+
+**Resolution** This issue was fixed by the Windows Cumulative Update that were released on December 5, 2018—KB4469342 (OS Build 17763.168).
+
+If you have already encountered this issue, use one of the following two options to fix the issue:
+
+**Option 1** Remove sysfer.dll from system32 folder and copy it back. Windows will set privilege automatically.
+
+**Option 2**
+
+1. Locate the directory C:\Windows\system32.
+
+2. Right-click on sysfer.dll and choose **Properties**.
+
+3. Switch to the **Security** tab.
+
+4. Confirm that **All Application Packages** group is missing.
+
+5. Click **Edit**, and then click **Add** to add the group.
+
+6. Test Start and other Apps.
+
+
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index de3fecb42b..a4a8ead75e 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -110,7 +110,7 @@ With Windows 10, version 1607 and later, the UE-V service is installed on user d
2. Navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft** **User Experience Virtualization**.
-3. Double click **Use Users Experience Virtualization (UE-V)**.
+3. Double click **Use User Experience Virtualization (UE-V)**.
4. Select **Enabled** and click **OK**.
diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md
index 7cd746c7c7..c61e28a736 100644
--- a/windows/deployment/add-store-apps-to-image.md
+++ b/windows/deployment/add-store-apps-to-image.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
-author: DaniHalfin
-ms.author: daniha
+author: greg-lindsay
+ms.author: greglin
ms.date: 07/27/2017
---
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index b073e9cd2f..8436f310a4 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -19,7 +19,7 @@ The Windows Update workflow has four core areas of functionality:
### Scan
1. Orchestrator schedules the scan.
-2. Orchestrator vertifies admin approvals and policies for download.
+2. Orchestrator verifies admin approvals and policies for download.
### Download
@@ -139,4 +139,4 @@ The action list describes all the files needed from WU, and what the install age
When the option to automatically install updates is configured, the Windows Update Orchestrator, in most cases, automatically restarts the PC for you after installing the updates. This is necessary because your PC may be insecure, or not fully updated, until a restart is completed. You can use Group Policy settings, mobile device management (MDM), or the registry (not recommended) to configure when devices will restart after a Windows 10 update is installed.
-For more information see [Manage device restarts after updates](waas-restart.md).
\ No newline at end of file
+For more information see [Manage device restarts after updates](waas-restart.md).
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 074861843d..f155f00f4c 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -4,9 +4,9 @@ description: Use BranchCache to optimize network bandwidth during update deploym
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 07/27/2017
---
diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md
index 9897eb371d..a0e4e4886c 100644
--- a/windows/deployment/update/waas-integrate-wufb.md
+++ b/windows/deployment/update/waas-integrate-wufb.md
@@ -4,9 +4,9 @@ description: Use Windows Update for Business deployments with management tools s
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 07/27/2017
---
diff --git a/windows/deployment/update/waas-manage-updates-configuration-manager.md b/windows/deployment/update/waas-manage-updates-configuration-manager.md
index e51a60fb0d..b222321f5b 100644
--- a/windows/deployment/update/waas-manage-updates-configuration-manager.md
+++ b/windows/deployment/update/waas-manage-updates-configuration-manager.md
@@ -4,9 +4,9 @@ description: System Center Configuration Manager provides maximum control over q
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 10/16/2017
---
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index 45492a47f7..4f72bbeb5d 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -4,9 +4,9 @@ description: WSUS allows companies to defer, selectively approve, choose when de
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 10/16/2017
---
diff --git a/windows/deployment/update/waas-mobile-updates.md b/windows/deployment/update/waas-mobile-updates.md
index c87647a798..84d896d30a 100644
--- a/windows/deployment/update/waas-mobile-updates.md
+++ b/windows/deployment/update/waas-mobile-updates.md
@@ -4,9 +4,9 @@ description: tbd
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 07/27/2017
---
diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md
index 70cba0bcec..0045989a89 100644
--- a/windows/deployment/update/waas-optimize-windows-10-updates.md
+++ b/windows/deployment/update/waas-optimize-windows-10-updates.md
@@ -4,9 +4,9 @@ description: Two methods of peer-to-peer content distribution are available in W
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 09/24/2018
---
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index d663aecf1c..3a9036f170 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -4,9 +4,9 @@ description: tbd
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 07/27/2017
---
diff --git a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
index a4042a9e10..aae22f0a1e 100644
--- a/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
+++ b/windows/deployment/update/waas-servicing-channels-windows-10-updates.md
@@ -4,9 +4,9 @@ description: tbd
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 10/13/2017
---
diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md
index bed1c38f39..b44107bdd2 100644
--- a/windows/deployment/update/waas-wu-settings.md
+++ b/windows/deployment/update/waas-wu-settings.md
@@ -4,9 +4,9 @@ description: Additional settings to control the behavior of Windows Update (WU)
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 07/27/2017
---
diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md
index 49a13d74fc..c400740a30 100644
--- a/windows/deployment/update/waas-wufb-group-policy.md
+++ b/windows/deployment/update/waas-wufb-group-policy.md
@@ -4,9 +4,9 @@ description: Configure Windows Update for Business settings using Group Policy.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 07/27/2017
---
diff --git a/windows/deployment/update/waas-wufb-intune.md b/windows/deployment/update/waas-wufb-intune.md
index 7b60f589cb..f32cbbedeb 100644
--- a/windows/deployment/update/waas-wufb-intune.md
+++ b/windows/deployment/update/waas-wufb-intune.md
@@ -4,9 +4,9 @@ description: Configure Windows Update for Business settings using Microsoft Intu
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: DaniHalfin
+author: jaimeo
ms.localizationpriority: medium
-ms.author: daniha
+ms.author: jaimeo
ms.date: 07/27/2017
---
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 91d6394973..a1a57c4f21 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -42,7 +42,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
Windows 10 Pro Education |
Windows 10 Education |
Windows 10 Enterprise |
- Windows 10 Enterprise LTSC |
Windows 10 Mobile |
Windows 10 Mobile Enterprise |
|
@@ -264,17 +263,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
Windows deployment for education environments
